From: Michael Roth
To: Peter Maydell
Cc: Fam Zheng, Markus Armbruster, QEMU Developers, Luiz Capitulino
Date: Tue, 20 May 2014 13:41:20 -0500
Subject: Re: [Qemu-devel] [PATCH] qapi: zero-initialize all QMP command parameters
Message-ID: <20140520184120.2719.51801@loki>
References: <1400606439-19899-1-git-send-email-mdroth@linux.vnet.ibm.com>

Quoting Peter Maydell (2014-05-20 13:21:15)
> On 20 May 2014 18:20, Michael Roth wrote:
> > In general QMP command parameter values are specified by consumers of the
> > QMP/HMP interface, but in the case of optional parameters these values may
> > be left uninitialized.
> >
> > It is considered a bug for code to make use of optional parameters that have
> > not been flagged as being present by the marshalling code (via corresponding
> > has_ parameter), however our marshalling code will still pass
> > these uninitialized values on to the corresponding QMP function (to then
> > be ignored). Some compilers (clang in particular) consider this unsafe
> > however, and generate warnings as a result. As reported by Peter Maydell:
> >
> > This is something clang's -fsanitize=undefined spotted. The
> > code generated by qapi-commands.py in qmp-marshal.c for
> > qmp_marshal_* functions where there are some optional
> > arguments looks like this:
> >
> > bool has_force = false;
> > bool force;
> >
> > mi = qmp_input_visitor_new_strict(QOBJECT(args));
> > v = qmp_input_get_visitor(mi);
> > visit_type_str(v, &device, "device", errp);
> > visit_start_optional(v, &has_force, "force", errp);
> > if (has_force) {
> >     visit_type_bool(v, &force, "force", errp);
> > }
> > visit_end_optional(v, errp);
> > qmp_input_visitor_cleanup(mi);
> >
> > if (error_is_set(errp)) {
> >     goto out;
> > }
> > qmp_eject(device, has_force, force, errp);
> >
> > In the case where has_force is false, we never initialize
> > force, but then we use it by passing it to qmp_eject.
> > I imagine we don't then actually use the value, but clang
> > complains in particular for 'bool' variables because the value
> > that ends up being loaded from memory for 'force' is not either
> > 0 or 1 (being uninitialized stack contents).
> >
> > Fix this by initializing all QMP command parameters to {0} in the
> > marshalling code prior to passing them on to the QMP functions.
> >
> > Signed-off-by: Michael Roth
> > Reported-by: Peter Maydell
> > Tested-by: Peter Maydell
> > Reviewed-by: Eric Blake
>
> Had I tested this before? In any case I have now :-)
>
> It fixes the more recent clang compile warning as well as
> the more long standing sanitizer runtime complaints. Thanks!

You added your Tested-by: in the original thread, but it was probably old
enough to warrant another test run :)

> thanks
> -- PMM
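The marshalling pattern described in the quoted commit message, modelled as an added C example rather than QEMU's generated code: the EjectArgs and EjectSeen types, qmp_eject_model() and qmp_marshal_eject_model() are stand-ins assumed here, with the visitor calls reduced to plain assignments, so a caller can check what an absent optional parameter looks like when it reaches the command handler.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-in for the QMP "args" dict of an eject request: the
 * consumer may omit "force", which is the case this thread is about. */
typedef struct {
    const char *device;
    bool force_present;   /* did the caller supply the "force" key? */
    bool force;           /* its value; meaningful only if force_present */
} EjectArgs;

/* What the command handler was handed, so a test can inspect it. */
typedef struct {
    bool has_force;
    bool force;
} EjectSeen;

/* Stand-in for qmp_eject(): correct code reads force only when has_force. */
static int qmp_eject_model(const char *device, bool has_force, bool force,
                           EjectSeen *seen)
{
    seen->has_force = has_force;
    seen->force = force;
    if (device == NULL || device[0] == '\0') {
        return -1;                        /* error path */
    }
    return (has_force && force) ? 2 : 1;  /* 2 = forced eject, 1 = normal */
}

/* Model of the generated qmp_marshal_eject() after the fix: every parameter
 * starts zeroed, so an absent optional reaches the handler as a defined
 * false rather than leftover stack contents. Before the fix the declaration
 * was "bool force;", which visit_start_optional() never writes when the key
 * is missing, which is what -fsanitize=undefined flagged. */
int qmp_marshal_eject_model(const EjectArgs *args, EjectSeen *seen)
{
    const char *device = NULL;
    bool has_force = false;
    bool force = false;                   /* the {0} initialization */

    device = args->device;                /* visit_type_str() */
    has_force = args->force_present;      /* visit_start_optional() */
    if (has_force) {
        force = args->force;              /* visit_type_bool(), only if present */
    }
    return qmp_eject_model(device, has_force, force, seen);
}
```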